Cheers to 2020 coming to an end! This year has been especially challenging for businesses and their employees. From moving to remote working, to abiding by COVID-19 health standards, businesses have been adapting every step of the way. That being said, many businesses have adopted new business technologies to help them operate in this new era, and in many cases have failed to enhance their security systems accordingly.
Business owners are always striving to improve specific aspects of their business and this year is no different. Here in the IT service space, we focus on improving our customer’s overall business technology and security. That is why we are presenting our 10 Days of Business Security.
Start your new year off right and set expectations high for yourself and your employees. With these ten simple steps, you can vastly improve your business’s overall security. Starting today, we will be updating the post with another tip on how you can easily protect your business from malicious forces trying to bring you down.
- You are a target ONLINE and OFFLINE
The biggest mistake we see people make when it comes to business security is that they truly believe it will NEVER happen to them. “I am very careful online, there is no way this will happen to me” they say, but we guarantee you that is NOT the case. Everyone is a target in the eyes of malicious hackers, and no one is safe.
You should always be operating under the assumption that someone is actively trying to get your data and worst, your client’s data.
- Policy and Procedures
Written policies and procedures will help you as a business owner create and maintain expectations with your employees. This will help set standards on the proper practice of handling sensitive information, creating and storing passwords, and anything else that may impact your overall security. Worst case scenario, these guidelines can also help you in legal situations in which the liability of lost or stolen data is in question. Best case, this document can serve as a guide if anyone is questioning how to handle or store certain information.
Create a policy and procedures document that all employees must read and sign upon on-boarding with the company. Here at FusionTek we have multiple documents that outline our expectations for employees and help keep our business secure.
- On-going Employee Training
Training is essential to business and data security. You should always be updating your training guidelines and regularly testing your employees on the subject. If you hope to maintain certain expectations with your employees, then you should always provide them with proper training from the start. Here are a few things you could include in such training:
- Password management
- How to identify a phishing scheme
- Proper tools for password creation / storage
- How to handle sensitive client data
Every new employee should be trained in proper data management techniques and the team should be refreshed on this at least once a year.
- Password Management
Passwords are a hot commodity amongst hackers and should be protected at all costs. Many companies use a password storage tool or have policies in place for using the built in one many browsers provide. You should be very careful with where your passwords are stored, and who has access to them. Also, be sure to use strong passwords (a random series of letters and characters) to ensure your password cannot be easily identified.
DO NOT share company credentials with anyone outside the organization. Use a trustworthy third party, to store your passwords. Be sure that everyone uses strong passwords.
- Never Leave Devices Unattended
Your devices should never be left unattended. Device should be defined at any piece of technology that stores or accesses company information (phone, computer, pad, etc.) Sure, at the office you can likely leave your computer alone while you use the restroom or go get coffee with little to no risk, but when you are outside the office you should always keep your device with you. Physical security is just as important as technical security.
Side note: You should never leave files and other papers containing client information left unattended either.
Never leave your devices unattended and always lock your computer when you are away from it.
- Be careful what you click on
Phishing schemes and other click bait scams are becoming increasingly popular, especially in the form of emails. You should always book looking out for suspicious emails. Many of these popular schemes are sent by people claiming to be someone else. For example, you may heard of the gift card scheme in which someone impersonates your boss and asks you to buy multiple gift cards or someone claiming to be a long lost relative in need of some cash? Don’t fall for it.
Most recently people have begun impersonating other large companies you may be familiar with. For example, they will create an email that looks like one you may receive from Amazon or your local bank. The email will include a button which redirects you to a fake website. You can identify these fraudulent sites by closely looking at the URL for mistakes. Once you log in on to their fake site, they’ve got your credentials.
We hosted a webinar earlier this year where we went in depth on this particular topic: Hackers Are Still At Work – 5 Tips to Secure Your Work While Working Remotely. You can request a copy of this here.
Always investigate these aspects of anything you click on: the sender and their information, the ask, and the URLS. Also, NEVER enter your information if you are even a little suspicious of link.
- Anti-virus and malware protection
If you as a company are issuing devices out to your staff such as laptops or computers, you should ALWAYS install some sort of anti-virus / malware protection software. These are designed to help you keep your devices free of potentially business threatening virtues. If the wrong software or virus is able to make its way onto your device, it could potentially infiltrate the rest of your network, leaving you vulnerable to a large data attack. These sorts of viruses commonly come from downloading things from the internet.
The purpose of the anti-virs software is to prevent these sorts of malicious viruses from making their way onto your device AND to alert you when something is potentially harmful. They also conduct scans that will monitor the overall health of your device and notify you when something may be off.
Better safe than sorry when it comes to anti-virus and malware protection. Install it in all your devices, for all your employees.
- Bringing Your Own Device – Mobile Device Policy
Many companies these days are allowing their employees to use their personal cell phones to conduct business calls, log into their email, or communicate on instant messaging applications. If your organization falls into this category then you should make sure to include special policies for these devices. Although many provide an additional level of security by using facial recognition software, some are not as advanced and should require some sort of password to access. Be sure to include some sort of regulation for this in your policies and procedures documentation.
Always require that personal devices have some sort of a lock code, pin, or password in place to access the device and be sure to create a section within your policies and procedures specifically regarding personal devices.
- Security Testing
Security testing is something your managed service provider or IT admin should be performing semi-regularly in order to make sure your network is secure and protected. We do these with our clients to be sure that any new vulnerabilities are addressed before they become larger issues.
Test your network for proper security protections somewhat regularly to identify any vulnerabilities quickly.
- Back up your data for business continuity.
Business continuity is very important and lack of it can be very costly. Business continuity is the way in which your business continues to function when there is data lost or a technical failure of some sort.
Imagine Amazon is experiencing a technical issue that prevents their users from submitting purchases for 5 minutes. With millions of users worldwide you could imagine that this technical issue could cost them millions of dollars in purchases. This is where back up and continuity come into play.
Therefore every business should have their data and information backed up on a server. Many people think that the tools they use provide this back-up for them, but this is not the case. For example, many companies use online platforms such as SharePoint or Google Drive and think that these tools provide backed up versions of their work. Many organizations store important files and business information on those sites, but few understand that neither Microsoft nor Google back up that data. If Google or Microsoft were to lose that data, you would likely be unable to retrieve them… unless you had your own back up. You should work with your IT provider or IT admin to be sure this is being done.
Like we said above, lost data can be more than a nuisance, it can be costly!
